Saturday, July 25, 2009

My First Lecture -13072009-

This Monday was my first lecture of the subject Information Technology Security. For the first time, my class was assigned to En. Mohd Zaki Bin Mas'ud. Before the class started, En. Mohd Zaki gave us a big surprise: a pop quiz! The pop quiz was about what we are going to learn in this subject, and fortunately I scored 7 out of 10 questions. After that, En. Mohd Zaki started the class by introducing the subject and beginning Lecture 1.


First of all, the most fundamental term, "security", means the quality or state of being secure, that is, to be free from danger, while the term "Information Security" means the protection of information and the systems and hardware that use, store, and transmit that information. Basically, there are two types of security attacks: active attacks and passive attacks. According to En. Mohd Zaki, active attacks are more harmful than passive attacks because active attacks involve some modification of the data stream or the creation of a false stream, while passive attacks only involve eavesdropping on or monitoring the transmissions. To prevent these attacks, there are several methods of defense, such as encryption, software controls, hardware controls and physical controls. Software controls include internal program controls, operating system and network system controls, independent control programs, and development controls, while hardware controls include devices such as firewalls, intrusion detection systems, devices to verify users' identities and others. Last but not least, the most important principles in information security are the CIAN principles: Confidentiality, Integrity, Authentication and Nonrepudiation.



Besides that, En. Mohd Zaki also shared a lot of extra knowledge with us. For instance, GIAC (Global Information Assurance Certification) and CISSP (Certified Information Systems Security Professional) provide information security certifications for IT managers and security professionals.